📦

actions\/artifact

Name: actions\\/artifact
Author: WatchStack

Vendor: github

Login to add this product to WatchStack

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 7.71% Exploit Prob.

Latest CVE CVE-2024-42471 Sep 02

Security Vulnerability Index

Page 1 / 1

7.3 CVSS

CVE-2024-42471

Exploit Found

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.2 or higher. There are no known workarounds for this issue.

EPSS: 7.71%

Severity: HIGH

Sep 02, 2024

Displaying 1 of 1 Total Entries

1

Total 1 Sections